Lucene search
K

6 matches found

Circl
Circl
added 2023/08/02 10:0 a.m.4 views

CVE-2018-0114

creationtimestamp| type| source ---|---|--- 2023-08-02 10:00:03+00:00| seen| https://t.me/ptsoft/21 2023-08-02 10:00:03+00:00| seen| https://t.me/ptsoft/12 2024-10-11 07:45:56+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/64 2025-01-28 13:54:03+00:00|...

7.5CVSS7.7AI score0.42651EPSS
Exploits6References6
vulnersOsv
vulnersOsv
added 2022/05/13 1:17 a.m.5 views

@financialforcedev/orizuru-auth (=3.0.4), @kognifai/oidc-provider-fork (=2.5.1) +7 more potentially affected by CVE-2018-0114 via node-jose (=0.10.0)

node-jose NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-jose and may be impacted: - @financialforcedev/orizuru-auth =3.0.4 - @kognifai/oidc-provider-fork =2.5.1 - @kognifai/poseidon-dev-host =2.0.0, =0.0.1, =2.4.0, =1.16.0,...

7.5CVSS7.1AI score0.42651EPSS
Exploits6
Packet Storm
Packet Storm
added 2018/03/22 12:0 a.m.36 views

Cisco node-jos Resign Tokens Proof Of Concept

import base64 import urllib import rsa import sys zi0Black ''' POC of CVE-2018-0114 Cisco node-jose 0.11.0 Created by Andrea Cappa aka @zi0Black GitHub,Twitter,Telegram Mail: [email protected] Site: https://zioblack.xyz A special thanks to Louis Nyffenegger, the founder of PentesterLab, for al...

5CVSS7.5AI score0.42651EPSS
Exploits6
0day.today
0day.today
added 2018/03/20 12:0 a.m.57 views

Cisco node-jos < 0.11.0 - Re-sign Tokens Exploit

Exploit for multiple platform in category web applications import base64 import urllib import rsa import sys zi0Black ''' POC of CVE-2018-0114 Cisco node-jose 0.11.0 Created by Andrea Cappa aka @zi0Black GitHub,Twitter,Telegram Mail: email protected Site: https://zioblack.xyz A special thanks to...

5CVSS7.6AI score0.42651EPSS
Exploits6
Exploit DB
Exploit DB
added 2018/03/20 12:0 a.m.60 views

Cisco node-jos &lt; 0.11.0 - Re-sign Tokens

!/usr/bin/env python3 import base64 from urllib.parse import quoteplus import rsa import sys zi0Black ''' EDB Note: This has been updated https://github.com/offensive-security/exploitdb/pull/139 POC of CVE-2018-0114 Cisco node-jose = 8 return b::-1 def generateheaderpayloadpayload,pubkey: create...

7.5CVSS7.5AI score0.42651EPSS
Exploits6
CVE
CVE
added 2018/01/04 6:0 a.m.132 views

CVE-2018-0114

CVE-2018-0114 affects the Cisco node-jose library prior to 0.11.0. The flaw arises when a JSON Web Signature (JWS) header can carry a JWK (public key) that is then trusted for verification. An unauthenticated, remote attacker could forge valid JWS objects by removing the original signature, inser...

7.5CVSS7.4AI score0.42651EPSS
Exploits6References5Affected Software1
Rows per page
Query Builder